<?php

mysql_connect('localhost','root','');
mysql_select_db('nb158d');
$email = $_GET['email'];
$password = $_GET['password'];


//x'; DROP TABLE members; --

//http://localhost/sql_injection/sql_injection.php?email=pizza%27%20OR%20%271%27=%271&password=700
//http://localhost/sql_injection/sql_injection.php?email=pizza%27%20OR%20DROP%20TABLE%20members;%271%27=%271&password=700
echo $query = "SELECT * FROM products where name='$email' AND price = '$password'";
$result = mysql_query($query)or die(mysql_error());

while($ans = mysql_fetch_array($result)){
  echo "<pre>";
  print_r($ans);
}

